XSS Flaw Introduced in Google Search JavaScript Library

Xss flaw google

A modification several months ago introduced a cross-site scripting vulnerability (XSS) in Google Search and possibly in Google Products in an open source JavaScript library.

In Google Search, Japanese security researcher Masato Kinugawa found what seemed to be XSS vulnerability. Such a safety hole could represent a serious risk and it could be extremely helpful in phishing and other forms of attacks for malicious actors. The XSS vulnerability was introduced by using a library called Closure and its failure to properly sanitize user input, according to an analysis carried out in LiveOverflow.

Closure is a comprehensive Google JavaScript library for complex and scalable web applications.

The technology giant has created and still uses the library open source for many of its applications, including search, maps and docs. Apparently on 26 September 2018, the vulnerability was introduced when somebody reportedly removed sanitation because of certain user interface problems. It was discussed in September 2018 on 22 February 2019 when the change took place.

Soon after Google learned of its existence, it is said that it patches the vulnerability. Developers ‘ comments on the rollback confirmed that the HTML sanitizer issue was related and that the Google Web Server (GWS) software has a XSS flaw.

SEE ALSO:
Discord Patched a Critical Issue in the Desktop Version of the Messaging App

While analyzing the flaw, LiveOverflow stated that the security bug probably had a bearing upon other Google products using the Closure library. It is unclear whether Google has given this vulnerability a bug bounty.

Total
13
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post
Google tensorFlow

Torrent malware falls as the use of pirated streaming increases

Next Post
Banking app security flaw

Bank applications ‘ security flaws expose data and source code

Related Posts